# Sandcastle sandbox image — runs the implementer + reviewer agents.
#
# Includes Claude Code CLI so the sandbox can authenticate via the host's
# mounted ~/.claude/ session (sandcastle issue #191 workaround — subscription
# auth, not API-key auth, is our primary flow). Falls back to ANTHROPIC_API_KEY
# when no host credentials are available.

FROM node:22-bookworm-slim

# pnpm via corepack (matches the repo's pnpm version)
RUN corepack enable && corepack prepare pnpm@9 --activate

# Claude Code CLI — used by sandcastle's claudeCode() agent provider.
# The CLI reads credentials from ~/.claude/ inside the container; the host
# mounts its ~/.claude/ over that path at sandbox start.
RUN npm install -g @anthropic-ai/claude-code

# Minimal system deps for git operations + healthchecks.
RUN apt-get update && apt-get install -y --no-install-recommends \
    git \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /workspace

CMD ["bash"]